Parsing from PEM isn't affected, nor is parsing of SSL certificates in SSL becau... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

agl on April 19, 2012 | parent | context | favorite | on: Heap overflow bug in OpenSSL

Parsing from PEM isn't affected, nor is parsing of SSL certificates in SSL because libssl doesn't use the BIO functions.

It's mostly users of OpenSSL who are calling d2i_XXX_bio or d2i_XXX_fp.

tptacek on April 19, 2012 [–]

Rats, you're right. I should stop commenting 15 minutes after I wake up.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact